IPv6 tunnel

This scenario details how to connect an IPv6 enabled site which has no native IPv6 internet service to connect to a remote IPv6 routing service to facilitate end to end IPv6 transport, thus avoiding the need for NAT64.

Hurricane Electirc (http://ipv6.he.net/) offers an excellent free service which allows for the use of global routable IPv6 address on your network through the use of its Tunnelbroker service (http://www.tunnelbroker.net/).

Once signed up you will allocated one /64 prefix to be used by your router and a single VLAN, but if you would like IPv6 on additional VLANs there is also a /46 prefix.
To make use of the IPv6 default route made available via the tunnel, OSPFv3 is used between the 1841 and ASA .

IP configurations

1841 configuration

 !  
 ipv6 unicast-routing  
 ipv6 cef  
 !  
 interface Tunnel1  
  description HE IPV6 Tunnel  
  no ip address  
  ipv6 address 2001:470:bbbb:aaaa::2/64  
  ipv6 enable  
  tunnel source FastEthernet0/0  
  tunnel destination 216.66.80.26  
  tunnel mode ipv6ip  
 !  
 interface FastEthernet0/0  
  ip address dhcp client-id FastEthernet0/0  
  duplex auto  
  speed auto  
  ipv6 address 2001:470:ffff:aaa1::1/64  
  ipv6 enable  
  ipv6 ospf 1 area 0  
 !  
 !  
 ipv6 route ::/0 Tunnel1  
 ipv6 router ospf 1  
  router-id 1.1.1.1  
  log-adjacency-changes  
  default-information originate always  
  redistribute connected  
  redistribute static  
 !  

ASA Configuration

OSPFv3 which supports IPv6 addresses is only available on versions 9.x of the ASA firmware.

 !  
 interface Vlan10  
  nameif outside   
  ipv6 address 2001:470:ffff:aaa1::2/64  
  ipv6 ospf cost 1  
  ipv6 ospf 1 area 0  
 !  
 interface Vlan30  
  nameif inside  
  security-level 100  
  ipv6 address 2001:470:ffff:aa30::1/64  
  ipv6 nd prefix 2001:470:ffff:aa30::/64  
 !  
 ipv6 router ospf 1  
  router-id 1.1.1.2  
  log-adjacency-changes  
  redistribute connected  
 !